AMENDMENTS IN THE CLAIMS

Please amend the claims as indicated below. The language being added is underlined 
(" ") and the language being deleted contains strikethrough (" — ") : 



1. (currently amended) A system for establishing a secure execution environment for a
software process executed by a program operating on a computer, comprising: 

a software process operating on a computer, said software process including a 
plurality of attributes; 

an operating system kernel in communication with said software process and in 
communication with an executable file to be accessed by said software process; and 

a system call trap associated with said operating system kernel, said system call trap
configured to modify the assign a selected plurality of said attributes for the to said software
process based on an executable environment attribute, said selected plurality of attributes
stored in association with said executable file.

2. (currently amended) The system of claim 1, wherein said system call trap further 
comprises: 

a process attribute extension; and 

an access token extension associated with said process attribute extension, said access
token extension including said executable environment attribute selected plurality of
attributes.

3. (currently amended) The system of claim 1, wherein said executable environment
attribute selected plurality of attributes are is contained in a database associated with said
executable file.

4. (currently amended) The system of claim 1, wherein said selected plurality of
attributes are executable environment attribute is chosen from the group consisting of user ID,
group IDs and privileges.

5. (original) The system of claim 1, wherein said execution environment isolates said 
software process from any other software process operating on said computer. 

6. (original) The system of claim 1, wherein said software process is a web server 
process. 

7. (original) The system of claim 1, wherein said software process is a file transfer 
process. 

8. (original) The system of claim 1, wherein said software process is a mail server 
process. 

9. (currently amended) The system of claim 1, wherein said executable environment
attribute selected plurality of attributes are is associated to said software process upon
execution of said software process.

10. (currently amended) The system of claim 1, wherein said executable environment
attribute selected plurality of attributes replaces any existing attributes associated with said
software process.

11. (currently amended) A method for establishing a secure execution environment for a
software process executed by a program operating on a computer, the method comprising the
steps of:

operating a software process on a computer, said software process including a 
plurality of attributes; 

executing an operating system kernel in communication with said software process, 
said operating system kernel in communication with an executable file to be accessed by said 
software process; and 

assigning a selected plurality of said attributes to said software process, said selected
plurality of attributes stored in association with said executable file modifying the plurality of
attributes for the software process based on an executable environment attribute stored in
association with the executable file.

12. (currently amended) The method of claim 11, further comprising the steps of:

executing a process attribute extension; and

executing an access token extension associated with said process attribute extension,
said access token extension including the executable environment attribute said selected
plurality of attributes.

13. (currently amended) The method of claim 11, wherein the executable environment
attribute said selected plurality of attributes are is contained in a database associated with said
executable file.

14. (currently amended) The method of claim 11, wherein said the executable
environment attribute selected plurality of attributes are is chosen from the group consisting of
user ID, group IDs and privileges.

15. (original) The method of claim 11, wherein said execution environment isolates said 
software process from any other software process operating on said computer. 

16. (original) The method of claim 11, wherein said software process is a web server 
process. 

17. (original) The method of claim 11, wherein said software process is a file transfer
process. 

18. (original) The method of claim 11, wherein said software process is a mail server 
process. 

19. (currently amended) The method of claim 11, wherein the executable environment
attribute said selected plurality of attributes are is associated to said software process upon
execution of said software process.

20. (currently amended) The method of claim 11, wherein the executable environment
attribute said selected plurality of attributes replaces any existing attributes associated with
said software process.

21. (currently amended) A computer readable medium having a program for establishing
a secure execution environment for a software process executed by a program operating on a
computer, the program including logic for performing the steps of:

operating a software process on a computer, said software process including a 
plurality of attributes; 

executing an operating system kernel in communication with said software process, 
said operating system kernel in communication with an executable file to be accessed by said 
software process; and 

modifying the plurality of attributes for the software process based on an executable
environment attribute stored in association with the executable file assigning a selected
plurality of said attributes to said software process, said selected plurality of attributes stored
in association with said executable file.

22. (currently amended) The program of claim 21, further comprising logic for
performing the steps of:

executing a process attribute extension; and 

executing an access token extension associated with said process attribute extension,
said access token extension including the executable environment attribute said selected
plurality of attributes.

23. (currently amended) The program of claim 21, wherein the executable environment
attribute said selected plurality of attributes are is contained in a database associated with said
executable file.

24. (currently amended) The program of claim 21, wherein said the executable
environment attribute selected plurality of attributes are is chosen from the group consisting of
user ID, group IDs and privileges.

25. (original) The program of claim 21, wherein said execution environment isolates said 
software process from any other software process operating on said computer. 

26. (original) The program of claim 21, wherein said software process is a web server 
process. 

27. (original) The program of claim 21, wherein said software process is a file transfer 
process. 

28. (original) The program of claim 21, wherein said software process is a mail server 
process. 

29. (currently amended) The program of claim 21, wherein said the executable
environment attribute selected plurality of attributes are is associated to said software process
upon execution of said software process.

30. (currently amended) The program of claim 21, wherein the executable environment
attribute said selected plurality of attributes replaces any existing attributes associated with
said software process.

31. (new) The system of claim 1, wherein the system call trap is further configured to
determine whether the execution environment attribute contains an inherit flag. 

32. (new) The system of claim 31, wherein the system call trap is further configured to 
store a current attribute for a current process when the execution environment attribute 
contains an inherit flag. 

33. (new) The system of claim 32, wherein the system call trap is further configured to:

determine whether the current attribute for the current process contains the inherit
flag;

merge the execution environment attribute with a previously stored attribute if the 
current attribute does not contain the inherit flag; and 

merge the execution environment attribute with the current attribute if the current 
attribute does contain the inherit flag. 

34. (new) The method of claim 11, further comprising determining whether the execution 
environment attribute contains an inherit flag. 

35. (new) The method of claim 34, further comprising storing a current attribute for a 
current process when the execution attribute contains an inherit flag.

36. (new) The method of claim 35, further comprising:

determining whether the current attribute for the current process contains the inherit 
flag; and 

merging the execution environment attribute with a previously stored attribute if the 
current attribute does not contain the inherit flag. 

37. (new) The method of claim 35, further comprising: 

determining whether the current attribute for the current process contains the inherit 
flag; and 

merging the execution environment attribute with the current attribute if the current 
attribute does contain the inherit flag. 

38. (new) The computer readable medium of claim 21, further comprising logic for 
determining whether the execution environment attribute contains an inherit flag. 

39. (new) The computer readable medium of claim 38, further comprising logic for 
storing a current attribute for a current process when the execution attribute contains an 
inherit flag.

40. (new) The computer readable medium of claim 39, further comprising logic for:

determining whether the current attribute for the current process contains the inherit
flag;

merging the execution environment attribute with a previously stored attribute if the
current attribute does not contain the inherit flag; and

merging the execution environment attribute with the current attribute if the current
attribute does contain the inherit flag.